author Michael Halcrow <mhalcrow@us.ibm.com> 2006-10-04 05:16:22 -0400
committer Linus Torvalds <torvalds@g5.osdl.org> 2006-10-04 10:55:24 -0400
commit 237fead619984cc48818fe12ee0ceada3f55b012
tree 40c6cacf2331191139e847988882b168d111c12e /Documentation
parent f7aa2638f288f4c67acdb55947472740bd27d27a
[PATCH] ecryptfs: fs/Makefile and fs/Kconfig
eCryptfs is a stacked cryptographic filesystem for Linux. It is derived from Erez Zadok's Cryptfs, implemented through the FiST framework for generating stacked filesystems. eCryptfs extends Cryptfs to provide advanced key management and policy features. eCryptfs stores cryptographic metadata in the header of each file written, so that encrypted files can be copied between hosts; the file will be decryptable with the proper key, and there is no need to keep track of any additional information aside from what is already in the encrypted file itself.

[akpm@osdl.org: updates for ongoing API changes]
[bunk@stusta.de: cleanups]
[akpm@osdl.org: alpha build fix]
[akpm@osdl.org: cleanups]
[tytso@mit.edu: inode-diet updates]
[pbadari@us.ibm.com: generic_file_*_read/write() interface updates]
[rdunlap@xenotime.net: printk format fixes]
[akpm@osdl.org: make slab creation and teardown table-driven]

Signed-off-by: Phillip Hellewell <phillip@hellewell.homeip.net>
Signed-off-by: Michael Halcrow <mhalcrow@us.ibm.com>
Signed-off-by: Erez Zadok <ezk@cs.sunysb.edu>
Signed-off-by: Adrian Bunk <bunk@stusta.de>
Signed-off-by: Stephan Mueller <smueller@chronox.de>
Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
Signed-off-by: Badari Pulavarty <pbadari@us.ibm.com>
Signed-off-by: Randy Dunlap <rdunlap@xenotime.net>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Diffstat (limited to 'Documentation')
-rw-r--r-- Documentation/ecryptfs.txt 77
1 files changed, 77 insertions, 0 deletions
diff --git a/Documentation/ecryptfs.txt b/Documentation/ecryptfs.txt
new file mode 100644
index 000000000000..01d8a08351ac
--- /dev/null
+++ b/Documentation/ecryptfs.txt
@@ -0,0 +1,77 @@
1eCryptfs: A stacked cryptographic filesystem for Linux
2
3eCryptfs is free software. Please see the file COPYING for details.
4For documentation, please see the files in the doc/ subdirectory. For
5building and installation instructions please see the INSTALL file.
6
7Maintainer: Phillip Hellewell
8Lead developer: Michael A. Halcrow <mhalcrow@us.ibm.com>
9Developers: Michael C. Thompson
10 Kent Yoder
11Web Site: http://ecryptfs.sf.net
12
13This software is currently undergoing development. Make sure to
14maintain a backup copy of any data you write into eCryptfs.
15
16eCryptfs requires the userspace tools downloadable from the
17SourceForge site:
18
19http://sourceforge.net/projects/ecryptfs/
20
21Userspace requirements include:
22 - David Howells' userspace keyring headers and libraries (version
23 1.0 or higher), obtainable from
24 http://people.redhat.com/~dhowells/keyutils/
25 - Libgcrypt
26
27
28NOTES
29
30In the beta/experimental releases of eCryptfs, when you upgrade
31eCryptfs, you should copy the files to an unencrypted location and
32then copy the files back into the new eCryptfs mount to migrate the
33files.
34
35
36MOUNT-WIDE PASSPHRASE
37
38Create a new directory into which eCryptfs will write its encrypted
39files (i.e., /root/crypt). Then, create the mount point directory
40(i.e., /mnt/crypt). Now it's time to mount eCryptfs:
41
42mount -t ecryptfs /root/crypt /mnt/crypt
43
44You should be prompted for a passphrase and a salt (the salt may be
45blank).
46
47Try writing a new file:
48
49echo "Hello, World" > /mnt/crypt/hello.txt
50
51The operation will complete. Notice that there is a new file in
52/root/crypt that is at least 12288 bytes in size (depending on your
53host page size). This is the encrypted underlying file for what you
54just wrote. To test reading, from start to finish, you need to clear
55the user session keyring:
56
57keyctl clear @u
58
59Then umount /mnt/crypt and mount again per the instructions given
60above.
61
62cat /mnt/crypt/hello.txt
63
64
65NOTES
66
67eCryptfs version 0.1 should only be mounted on (1) empty directories
68or (2) directories containing files only created by eCryptfs. If you
69mount a directory that has pre-existing files not created by eCryptfs,
70then behavior is undefined. Do not run eCryptfs in higher verbosity
71levels unless you are doing so for the sole purpose of debugging or
72development, since secret values will be written out to the system log
73in that case.
74
75
76Mike Halcrow
77mhalcrow@us.ibm.com
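
Review bot: The warning in the second NOTES section (lines 70-73 of the new file) that higher verbosity levels write secret values to the system log is the most security-relevant statement in this document, but it sits behind the undefined-behavior caveat and does not say how verbosity is set or what the default level is. Suggest giving it its own heading and naming the setting, so an administrator can confirm that a production mount is not logging secret values. Smaller points: both caveat sections are headed NOTES (lines 28 and 65), which makes them hard to reference; "(i.e., /root/crypt)" and "(i.e., /mnt/crypt)" on lines 39-40 are examples, so "e.g." is meant; the walkthrough says the salt may be blank (lines 44-45) without stating what a blank salt means for the passphrase-based mount; and lines 3-5 point to COPYING, doc/ and INSTALL without saying whether those live in this tree or in the userspace package.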